Virus - can't turn on firewall, bogus alerts while running microso

[Dale]

Glad you're back.

Here's the logs:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
File ptyTemp] not found.
 
OTL by OldTimer - Version 3.2.54.0 log created on 08032012_052524

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

8/3/2012 5:32:46 AM
mbam-log-2012-08-03 (05-32-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197076
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[guestolo]

How's everything running on your end now?

[Dale]

Seems okay.  I haven't done much with it, to be honest, but I've been posting here without issues.  I did look at the security status, just now.  It now shows the firewall is turned on.  I couldn't get it on before.  It says the antivirus is not.  Webroot Antivirus and Spysweeper, report that they're off it says.  For now I've left them/it off.  I kind of think their license has expired, but I'm not sure.  I have seen a popup from Webroot a couple of times that said it did a scan.  I think it said things were fine.  So I'm not sure I should try to turn it on.

Any suggestions as to what to do for malware protection for this PC?

In the meantime, I'll do some surfing on it and see if I notice anything.

Thanks!
Dale

[guestolo]

Let's do the following: download TFC by Old Timer and save it to your desktop.
http://www.itxassociates.com/OT-Tools/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on TFC.exe and choose to "Run as Administrator"

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Ensure you still have ComboFix on desktop

• Press the Windows Key and R on your keyboard. This will bring up the Run... command.
     
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
     
• Please follow the prompts to uninstall Combofix.
• You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

If she didn't purposely install the AskToolbar, which I doubt she did, it usually gets installed with other software
Close down all browser windows and uninstall the Toolbar from
'Programs and Features' in Windows Control Panel

Right click on OTL.exe and choose to "Run as Admin"
When it opens, click on the CLEANUP button, follow prompts and reboot when announced
This will properly remove OTL.exe and other tools

Back in Windows, if TFC.exe still exists, you can simply delete it

Ensure your antivirus is enabled afterwards and updated. Is it able to update still??
Has subscription expired?

[Dale]

What are we doing, working on this stuff on a Friday night???   http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'\' />

I just ran TFC and the pc's rebooting right now.

I'll do the rest of the things you mentioned and get back to you on the ability to update the antivirus.

Thank you,
Dale

[Dale]

As you may have suspected, her subscription to webroot antivirus with spy sweeper has expired, and they want $ to renew it.

[guestolo]

why not do the following....We don't want to leave you without AV protection
I suggest either Microsoft Security Essentials or Avast free>> Both are free
Here are the links to both..ONLY choose one, as more than one will/may cause instability and conflicts
Microsoft Security Essentials
And Avast free edition
 Ensure that Webroot AV and Spysweepers protections are disabled
Then uninstall the Program(s)
Reboot the computer afterwards
Back in Windows, install the AV your happiest with
If you go with Avast: Ensure to deselect the option to install Google Chrome web browser, unless it's an option you like, but it's not needed
And register it.. Required once a year
With either, take a look at it's options.. I suggest scheduling a Full scan once a week

Let me know how you make out

[Dale]

Hi,

I installed the Microsoft Security Essentials and configured it.  I also let IE 9 be installed.

Everything seems great as far as I can tell.

Thank you very very much for your help on this!

Dale

[guestolo]

Good work, again, sorry it took so long to respond at times... My time was limited on the computer however.
A little isolated.
If you have time, why not run a Full scan with MSE now, let me know how it goes
Then I'll lock this topic

[Dale]

Hi,

I'd run a quick scan when I first installed MSE and it found nothing.  I ran a full scan though after seeing your last post, and it did find something - Rogue: Win32/FakePAV, but it apparently "fixed" it.  I ran another full scan, just because, and that one found nothing.

Everything seems good to go, and I really appreciate your help, as always!

Thank you very much,
Dale

[guestolo]

great, I'll lock this topic as your problems appear resolved... Take care Dale  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />